An attacker will always try to find out your PHP and Apache versions using simple methods, since most bugs are version specific. You can hide the Apache and PHP information easily.
Get your Apache server information using telnet
Code:
telnet domain.com 80
When connected, type HEAD / HTTP/1.0 followed by the [Enter] key.
Output:
Code:
Trying 206.xxx.xxx.xxx...
Connected to your-domain-name.com.
Escape character is '^]'.
HEAD / HTTP/1.0
HTTP/1.0 200 OK
Date: Wed, 21 Aug 2013 11:30:42 GMT
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Content-Length: 3985
Connection: close
Content-Type: text/html; charset=UTF-8
Connection closed by foreign host.
How do I Hide Apache Version info?
Open the httpd.conf file (located in the /etc/httpd/ or /etc/apache2/ directory)
Code:
vi httpd.conf
Change the ServerSignature line to: ServerSignature Off
Change the ServerTokens line to: ServerTokens Prod
Restart Apache: /sbin/service httpd restart
How do I hide php info?
Open php.ini (located at /etc/php.ini or in the /etc/php5 or /etc/php4 directory)
Code:
vi php.ini
Change the expose_php line to: expose_php=Off
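To confirm both changes took effect, the response headers can be checked automatically. The script below is an added example, not part of the original post: check_banner, headers_before and headers_after are hypothetical names, and the sample headers are constructed (the X-Powered-By value is a placeholder).

```shell
#!/usr/bin/env bash
# Added example (not from the original post): verify the hardening took effect.

# check_banner reads raw HTTP response headers on stdin, prints every header
# that still discloses software details, and returns 1 if any were found.
check_banner() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        {
            name = tolower($0); sub(/:.*/, "", name)
            value = $0;         sub(/^[^:]*:[ \t]*/, "", value)
            # Server is fine as a bare product name ("Apache"); a digit or an
            # OS tag in parentheses means ServerTokens is not set to Prod.
            if (name == "server" && value ~ /[0-9(]/) { print "LEAK: " $0; leaks++ }
            # With expose_php=Off this header is not sent at all.
            if (name == "x-powered-by")               { print "LEAK: " $0; leaks++ }
        }
        END { exit (leaks > 0) }
    '
}

# Constructed sample: headers before the change (Server line as in the telnet
# output above; the X-Powered-By value is a made-up placeholder).
headers_before() {
    printf '%s\r\n' 'HTTP/1.0 200 OK' 'Server: Apache/2.0.52 (Red Hat)' \
        'X-Powered-By: PHP/0.0.0' 'Content-Type: text/html; charset=UTF-8'
}

# Constructed sample: headers after ServerTokens Prod and expose_php=Off.
headers_after() {
    printf '%s\r\n' 'HTTP/1.0 200 OK' 'Server: Apache' \
        'Content-Type: text/html; charset=UTF-8'
}

if headers_before | check_banner; then echo "before: clean"; else echo "before: leaking"; fi
if headers_after  | check_banner; then echo "after: clean";  else echo "after: leaking";  fi
```

To check your own server, pipe the output of curl -sI http://your-domain-name.com/ into check_banner. ServerSignature only affects the footer on server-generated pages such as error pages, so it does not show up in this header check.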